Json audit logging

apache2/apache2_config.c

@@ -73,6 +73,9 @@ void *create_directory_config(apr_pool_t *mp, char *path)
     /* audit log variables */
     dcfg->auditlog_flag = NOT_SET;
     dcfg->auditlog_type = NOT_SET;
+    #ifdef WITH_YAJL
+    dcfg->auditlog_format = NOT_SET;
+    #endif
     dcfg->max_rule_time = NOT_SET;
     dcfg->auditlog_dirperms = NOT_SET;
     dcfg->auditlog_fileperms = NOT_SET;
@@ -503,6 +506,10 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
         merged->auditlog2_fd = parent->auditlog2_fd;
         merged->auditlog2_name = parent->auditlog2_name;
     }
+    #ifdef WITH_YAJL
+    merged->auditlog_format = (child->auditlog_format == NOT_SET
+        ? parent->auditlog_format : child->auditlog_format);
+    #endif
     merged->auditlog_storage_dir = (child->auditlog_storage_dir == NOT_SET_P
         ? parent->auditlog_storage_dir : child->auditlog_storage_dir);
     merged->auditlog_parts = (child->auditlog_parts == NOT_SET_P
@@ -667,6 +674,9 @@ void init_directory_config(directory_config *dcfg)
     /* audit log variables */
     if (dcfg->auditlog_flag == NOT_SET) dcfg->auditlog_flag = 0;
     if (dcfg->auditlog_type == NOT_SET) dcfg->auditlog_type = AUDITLOG_SERIAL;
+    #ifdef WITH_YAJL
+    if (dcfg->auditlog_format == NOT_SET) dcfg->auditlog_format = AUDITLOGFORMAT_NATIVE;
+    #endif
     if (dcfg->max_rule_time == NOT_SET) dcfg->max_rule_time = 0;
     if (dcfg->auditlog_dirperms == NOT_SET) dcfg->auditlog_dirperms = CREATEMODE_DIR;
     if (dcfg->auditlog_fileperms == NOT_SET) dcfg->auditlog_fileperms = CREATEMODE;
@@ -1282,6 +1292,23 @@ static const char *cmd_audit_log_type(cmd_parms *cmd, void *_dcfg,
     return NULL;
 }
 
+#ifdef WITH_YAJL
+static const char *cmd_audit_log_mode(cmd_parms *cmd, void *_dcfg,
+        const char *p1)
+{
+    directory_config *dcfg = _dcfg;
+
+    if (strcasecmp(p1, "JSON") == 0) dcfg->auditlog_format = AUDITLOGFORMAT_JSON;
+    else
+        if (strcasecmp(p1, "Native") == 0) dcfg->auditlog_format = AUDITLOGFORMAT_NATIVE;
+        else
+            return (const char *)apr_psprintf(cmd->pool,
+                    "ModSecurity: Unrecognised parameter value for SecAuditLogFormat: %s", p1);
+
+    return NULL;
+}
+#endif
+
 static const char *cmd_audit_log_dirmode(cmd_parms *cmd, void *_dcfg,
         const char *p1)
 {
@@ -3223,6 +3250,16 @@ const command_rec module_directives[] = {
         "whether to use the old audit log format (Serial) or new (Concurrent)"
     ),
 
+#ifdef WITH_YAJL
+    AP_INIT_TAKE1 (
+        "SecAuditLogFormat",
+        cmd_audit_log_mode,
+        NULL,
+        CMD_SCOPE_ANY,
+        "whether to emit audit log data in native format or JSON"
+    ),
+#endif
+
     AP_INIT_TAKE1 (
         "SecAuditLogStorageDir",
         cmd_audit_log_storage_dir,

apache2/modsecurity.h

@@ -518,6 +518,11 @@ struct directory_config {
     /* AUDITLOG_SERIAL (single file) or AUDITLOG_CONCURRENT (multiple files) */
     int                  auditlog_type;
 
+#ifdef WITH_YAJL
+    /* AUDITLOGFORMAT_NATIVE or AUDITLOGFORMAT_JSON */
+    int                  auditlog_format;
+#endif
+
     /* Mode for audit log directories and files */
     apr_fileperms_t      auditlog_dirperms;
     apr_fileperms_t      auditlog_fileperms;